There is no silver bullet to security but as data centre facilities hold some of the most sensitive information, data centre managers must ensure they have the most stringent cybersecurity protocols in place. Here, Steven Brown, Segment Director for Schneider Electric’s Software Business, discusses the importance of data centre security as a priority and offers his best practice advice for decreasing vulnerabilities across critical systems.
To set the scene, can you tell us about the data centre security trends you’re seeing across the industry so far in 2022 and how you expect these to evolve?
The security trends are actually very connected to the data centre trends themselves. So we see a proliferation of connected devices which is really important for companies to manage their infrastructure more efficiently and to be more sustainable and resilient. And those connected devices present new challenges and opportunities in terms of cyber-resiliency, so a lot of that effort is going towards those connected devices there. The second trend is going to be around talent and that isn’t specific to just the data centre when you have so many issues around shortage of talent globally, but in the data centre space it existed before the great resignation and the pandemic and it’s really visceral on the cybersecurity side of things. So those two trends coupled with the growth, the investment, the mergers and acquisitions activity – which has been so exciting to see – it’s also led to a proliferation of multi-vendor environments multi-country data centre management and so you’re going to see a trend towards more centralisation on the security side in terms of how they manage their data centres.
How important is data centre security and how do you prioritise this?
Well, when considering data centre security in terms of risk, I think there are three elements that determine risk of a particular industry and it’s going to be threat, vulnerability and consequence. So obviously with the trends I mentioned, threats and vulnerabilities are growing. And when you look at consequence, data centres today don’t have the health and human safety impact of say nuclear industry or wastewater potentially. But as workloads continue to move to the cloud and as data centres continue to manage more and more mission critical infrastructure, there is consequence there. So, it’s certainly critical infrastructure globally and should be recognised as such.
How has the growing trend of mergers and acquisitions caused significant cybersecurity challenges across physical infrastructure systems and how do you tackle this?
That’s a great question and a challenge. In terms of all the exciting mergers, acquisitions and investment, there’s so many multi-country data centres out there now and that has introduced challenges because on the OT side, it introduces a lot of complexity around multi-vendor management, patching schedules, managing multiple vendors, managing the specific response plans of each of those vendors. And so, I think that multi-vendor environment has become very challenging from a security perspective. So as far as mitigation, it’s finding those vendor neutral monitoring management tools that can help you stay ahead on your security infrastructure.
Can you discuss the importance of needing to adopt best practices from other sectors to drive resilience and decrease vulnerabilities within your critical systems?
It’s interesting in data centres, because I think there’s been tremendous upskilling on the IT security side of things, especially as you see more data centre operators start offering remote hand services or even cybersecurity services as part of their colocation services, for example. So that’s been tremendous to see and I think it just means that the OT side needs to accelerate in terms of bringing different OT-specific tools to ensure your critical infrastructure is managing your potential vulnerabilities as best as possible. So that’s where we’re looking to other industries that are exclusively or heavily operational technologies – rail water, wastewater and energy can really help us because standards such as IEC 62443 exist specifically for that class of equipment. And it’s really something that can be leveraged more on the OT side of data centre infrastructure.
Can you tell us about your plans to evolve over the next 12 months, with security top of mind?
Well in the end cybersecurity has certainly always been a priority for Schneider Electric so we’re going to continue to see that investment. And increasingly, given our experience across sectors and across OT industries, we’re going to continue that knowledge sharing internally and help our clients and partners maintain their cybersecurity resiliency.
Click below to share this article